Package details: pkg:gem/activerecord@4.2.11.2
purl pkg:gem/activerecord@4.2.11.2
Next non-vulnerable version 7.1.5.2
Latest non-vulnerable version 8.0.2.1
Risk 4.5
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-5qu2-b8gt-7qe3
Aliases:
CVE-2021-22880
GHSA-8hc4-xxm3-5ppp
Active Record subject to Regular Expression Denial-of-Service (ReDoS)
The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (ReDoS) vulnerability. Carefully crafted input can cause the input validation in the `money` type of the PostgreSQL adapter in Active Record to spend too much time in a regular expression, resulting in the potential for a DoS attack. This only impacts Rails applications that are using PostgreSQL along with money type columns that take user input.
5.2.4.5
Affected by 3 other vulnerabilities.
6.0.3.5
Affected by 4 other vulnerabilities.
6.1.2.1
Affected by 4 other vulnerabilities.
VCID-n8r7-wthv-fqaj
Aliases:
CVE-2022-32224
GHSA-3hhc-qp5v-9p2j
GMS-2022-3029
Active Record RCE bug with Serialized Columns
When serialized columns that use YAML (the default) are deserialized, Rails uses YAML.unsafe_load to convert the YAML data into Ruby objects. If an attacker can manipulate data in the database (via means like SQL injection), then it may be possible for the attacker to escalate to an RCE. There are no feasible workarounds for this issue, but other coders (such as JSON) are not impacted.
5.2.8.1
Affected by 2 other vulnerabilities.
6.0.5.1
Affected by 3 other vulnerabilities.
6.1.6.1
Affected by 3 other vulnerabilities.
7.0.3.1
Affected by 3 other vulnerabilities.
VCID-sygb-mygd-s3gb
Aliases:
CVE-2022-44566
GHSA-579w-22j4-4749
GMS-2023-59
Duplicate
This advisory duplicates another.
6.1.7.1
Affected by 1 other vulnerability.
7.0.4.1
Affected by 1 other vulnerability.
VCID-zqzx-avvt-wkhm
Aliases:
CVE-2025-55193
GHSA-76r7-hhxj-r776
Active Record logging vulnerable to ANSI escape injection
This vulnerability has been assigned the CVE identifier CVE-2025-55193.
### Impact
The ID passed to `find` or similar methods may be logged without escaping. If this is directly to the terminal it may include unescaped ANSI sequences.
### Releases
The fixed releases are available at the normal locations.
### Credits
Thanks to [lio346](https://hackerone.com/lio346) from Unit 515 of OPSWAT for reporting this vulnerability
7.1.5.2
Affected by 0 other vulnerabilities.
7.2.0.beta1
Affected by 1 other vulnerability.
7.2.2.2
Affected by 0 other vulnerabilities.
8.0.0.beta1
Affected by 1 other vulnerability.
8.0.2.1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T23:35:12.365921+00:00 GitLab Importer Affected by VCID-zqzx-avvt-wkhm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/activerecord/CVE-2025-55193.yml 38.4.0
2026-04-16T22:20:02.581855+00:00 GitLab Importer Affected by VCID-sygb-mygd-s3gb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/activerecord/CVE-2022-44566.yml 38.4.0
2026-04-16T22:17:26.929709+00:00 GitLab Importer Affected by VCID-n8r7-wthv-fqaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/activerecord/CVE-2022-32224.yml 38.4.0
2026-04-16T21:17:21.131086+00:00 GitLab Importer Affected by VCID-5qu2-b8gt-7qe3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/activerecord/CVE-2021-22880.yml 38.4.0
2026-04-16T17:41:28.271530+00:00 Ruby Importer Affected by VCID-zqzx-avvt-wkhm https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2025-55193.yml 38.4.0
2026-04-16T02:32:16.723573+00:00 GHSA Importer Affected by VCID-n8r7-wthv-fqaj https://github.com/advisories/GHSA-3hhc-qp5v-9p2j 38.4.0
2026-04-12T00:55:27.361643+00:00 GitLab Importer Affected by VCID-zqzx-avvt-wkhm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/activerecord/CVE-2025-55193.yml 38.3.0
2026-04-11T23:37:57.302938+00:00 GitLab Importer Affected by VCID-sygb-mygd-s3gb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/activerecord/CVE-2022-44566.yml 38.3.0
2026-04-11T23:34:50.525411+00:00 GitLab Importer Affected by VCID-n8r7-wthv-fqaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/activerecord/CVE-2022-32224.yml 38.3.0
2026-04-11T22:29:30.680485+00:00 GitLab Importer Affected by VCID-5qu2-b8gt-7qe3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/activerecord/CVE-2021-22880.yml 38.3.0
2026-04-11T21:39:19.767629+00:00 Ruby Importer Affected by VCID-zqzx-avvt-wkhm https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2025-55193.yml 38.3.0
2026-04-11T13:57:45.252009+00:00 GHSA Importer Affected by VCID-n8r7-wthv-fqaj https://github.com/advisories/GHSA-3hhc-qp5v-9p2j 38.3.0
2026-04-05T02:29:50.064485+00:00 GitLab Importer Affected by VCID-n8r7-wthv-fqaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/activerecord/CVE-2022-32224.yml 38.1.0
2026-04-03T01:03:36.843111+00:00 GitLab Importer Affected by VCID-zqzx-avvt-wkhm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/activerecord/CVE-2025-55193.yml 38.1.0
2026-04-02T23:42:14.938069+00:00 GitLab Importer Affected by VCID-sygb-mygd-s3gb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/activerecord/CVE-2022-44566.yml 38.1.0
2026-04-02T22:41:02.289304+00:00 GitLab Importer Affected by VCID-5qu2-b8gt-7qe3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/activerecord/CVE-2021-22880.yml 38.1.0
2026-04-02T19:36:54.416360+00:00 Ruby Importer Affected by VCID-zqzx-avvt-wkhm https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2025-55193.yml 38.1.0
2026-04-02T14:44:04.507780+00:00 GHSA Importer Affected by VCID-n8r7-wthv-fqaj https://github.com/advisories/GHSA-3hhc-qp5v-9p2j 38.1.0
2026-04-01T18:04:58.123838+00:00 GitLab Importer Affected by VCID-sygb-mygd-s3gb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/activerecord/CVE-2022-44566.yml 38.0.0
2026-04-01T16:58:31.640777+00:00 GitLab Importer Affected by VCID-5qu2-b8gt-7qe3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/activerecord/CVE-2021-22880.yml 38.0.0
2026-04-01T15:54:26.059081+00:00 Ruby Importer Affected by VCID-zqzx-avvt-wkhm https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2025-55193.yml 38.0.0